> Is anyone aware of some kind of IRC worm that uses > SMTP servers to act > as a spy client or something like that? I'm not sure what you mean by this. After all, why would an IRC worm need SMTP capability? If the worm causes the compromise system to connect to an IRC channel, why would SMTP capability be needed? > Not that i consider this a serious issue ( from the > server side of > course ), but I'm curious on what's causing this > behaviour. If you really are curious as to what is causing this behaviour, I would suggest that you go back to your IDS and identify the specific systems from which this traffic originates, and then investigate those systems. Since you say that this traffic has been picked up by your IDS, it's just common sense that the sources of the traffic should be investigated. __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Dec 18 2002 - 11:27:56 PST